tag:blogger.com,1999:blog-6213873389151207316Mon, 21 Jan 2019 22:01:14 +0000IFTTTFeedlyEMC FeedsTweet 2 RSS FeedVMware BlogsTrend Micro Simply SecurityOracle Secure Enterprise Search Results for: securityOracle Technology Networks BlogSymmetricalDataSecurityhttp://symmetricaldatasecurity.blogspot.com/noreply@blogger.com (Cornelius Healy)Blogger71660125tag:blogger.com,1999:blog-6213873389151207316.post-4650262675095396607Mon, 21 Jan 2019 22:01:00 +00002019-01-21T14:01:14.523-08:00Over 4 percent of all Monero was mined by malware botnetshttp://symmetricaldatasecurity.blogspot.com/2019/01/over-4-percent-of-all-monero-was-mined.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-184365301921394781Mon, 21 Jan 2019 18:48:00 +00002019-01-21T10:48:17.551-08:00Google fined $57 million by France for lack of transparency and consent<img src="https://1.bp.blogspot.com/-JlGt5AMqWPc/XEYP5cLJOeI/AAAAAAAAzGU/xZt620Z3xk4LQ0sPo87UrHXtfZ3cmYCeQCLcBGAs/s728-e100/google-privacy-gdpr-fine.jpg" title="Google fined $57 million by France for lack of transparency and consent" /><br /><div><div id="articlebody" itemprop="articleBody"><p>The French data protection watchdog CNIL has issued its first fine of €50 million (around $57 million) under the European Union's new General Data Protection Regulation (GDPR) law that came into force in May last year.</p><p>The fine has been levied on Google for "lack of transparency, inadequate information and lack of valid consent regarding the ads personalization," the CNIL (National Data Protection Commission) said in a</p><a href="https://www.cnil.fr/en/cnils-restricted-committee-imposes-financial-penalty-50-million-euros-against-google-llc">press release</a><p>issued today.</p><p>The fine was imposed following the latest CNIL investigation into Google after receiving complaints against the company in May 2018 by two non-profit organizations—None Of Your Business (NOYB) and La Quadrature du Net (LQDN).</p><h2>Why 
Has Google Been Fined?</h2><p>According to the CNIL, Google has been found to violate two core privacy rules of the GDPR: transparency and consent.</p><p>First, the search engine giant makes it too difficult for users to find essential information, like the "data-processing purposes, the data storage periods or the categories of personal data used for the ads personalisation," by excessively disseminating them across several documents with buttons and links and requiring up to 6 separate actions to get to the information.</p><p>And even when the users find the information they are looking for, the CNIL says that information is "not always clear nor comprehensive."</p><p>"Users are not able to fully understand the extent of the processing operations carried out by Google," the Commission says. "Similarly, the information communicated is not clear enough so that the user can understand that the legal basis of processing operations for the ads personalization is the consent and not the legitimate interest of the company."</p><p>Secondly, Google does not obtain its users' valid consent to process data for ads personalization purposes.</p><h2>Google Fined For Violating GDPR Law</h2><p>According to the CNIL, the option to personalize ads is "pre-ticked" when creating an account with Google, effectively making its users unable to exercise their right to opt out of data processing for ads personalization, which is illegal under the GDPR.</p><p>Finally, the CNIL says Google by default ticks the boxes that say "</p><b>I agree to Google’s Terms of Service</b><p>" and that "I agree to the processing of my information as described above and further explained in the Privacy Policy" when users create an account.</p><p>However, broader consent like this is also illegal under the GDPR rules.</p><p>"The user gives his or her consent in full, for all the processing operations 
purposes carried out by Google based on this consent (ads personalization, speech recognition, etc.)," the Commission says.</p><p>Although the 50 million euro fine seems large, it is small compared to the maximum penalty allowed by GDPR for large companies like Google, which is 20 million euros or 4 percent of the company's annual global revenue, whichever is higher.</p><p>Besides Google, NOYB and LQDN also filed a complaint against Facebook in May, so let's see what happens to Facebook next.</p><h2>Other Record Fines On Google</h2><p>It's not the first time Google has been fined for a privacy violation. Back in July, the company was hit with a</p><a href="https://thehackernews.com/2018/07/google-android-antitrust-fine.html">record $5 billion fine by the EU</a><p>in an Android antitrust case, which Google is currently appealing.</p><p>However, a few months back, the search engine giant overhauled its Android business model in Europe, electing to charge a fee to European Android phone manufacturers who want to include its apps on their Android handsets.</p><p>The EU also hit Google with a separate</p><a href="https://thehackernews.com/2017/06/google-search-antitrust-fine.html">antitrust penalty of $2.7 billion</a><p>(2.4 billion euros) in 2017 over shopping-search results in Google Search.</p><p>In response to the GDPR fine imposed by France, Google said in a statement: "People expect high standards of transparency and control from us. We're deeply committed to meeting those expectations and the consent requirements of the GDPR. 
We’re studying the decision to determine our next steps."</p></div></div><br /><br />from The Hacker News http://bit.ly/2Hq5WRN http://symmetricaldatasecurity.blogspot.com/2019/01/google-fined-57-million-by-france-for.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-620134112119645247Mon, 21 Jan 2019 17:30:00 +00002019-01-21T09:30:51.390-08:00Online casino group leaks information on 108 million bets, including user detailshttp://symmetricaldatasecurity.blogspot.com/2019/01/online-casino-group-leaks-information.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-906584993303029368Mon, 21 Jan 2019 16:40:00 +00002019-01-21T08:40:10.875-08:00GDPR: Google hit with €50 million fine by French data protection watchdoghttp://symmetricaldatasecurity.blogspot.com/2019/01/gdpr-google-hit-with-50-million-fine-by.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-3881646719730995041Mon, 21 Jan 2019 16:05:00 +00002019-01-21T08:05:27.479-08:00Trio sent behind bars over illegal drug, painkiller trades in the Dark Webhttp://symmetricaldatasecurity.blogspot.com/2019/01/trio-sent-behind-bars-over-illegal-drug.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-3109087636745546481Mon, 21 Jan 2019 15:48:00 +00002019-01-21T07:48:29.195-08:00New malware found using Google Drive as its command-and-control server<img src="https://1.bp.blogspot.com/-3xfj4_Orqt0/XEXlNXcreaI/AAAAAAAAzF0/OQNOZe9RcqISZW19jZLa6JOM4TSV1btyACLcBGAs/s728-e100/microsoft-office-macro-malware.png" title="New malware found using Google Drive as its command-and-control server" /><br /><div><div id="articlebody" itemprop="articleBody"><p>Since most security tools also keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly</p><a href="https://thehackernews.com/2018/12/malware-twitter-meme.html">adopting infrastructure 
of legitimate services</a><p>in their attacks to hide their malicious activities.</p><p>Cybersecurity researchers have now spotted a new malware attack campaign linked to the notorious</p><b>DarkHydrus APT</b><p>group that uses Google Drive as its command-and-control (C2) server.</p><p>DarkHydrus first came to light in August last year when the APT group was leveraging the open-source Phishery tool to carry out a credential-harvesting campaign against government entities and educational institutions in the Middle East.</p><p>The latest malicious campaign conducted by the DarkHydrus APT group was also observed against targets in the Middle East, according to reports published by the 360 Threat Intelligence Center (</p><a href="https://ti.360.net/blog/articles/latest-target-attack-of-darkhydruns-group-against-middle-east-en/">360TIC</a><p>) and</p><a href="https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/">Palo Alto</a><p>Networks.</p><p>This time the advanced threat attackers are using a new variant of their backdoor Trojan, called</p><b>RogueRobin</b><p>, which infects victims' computers by tricking them into opening a Microsoft Excel document containing embedded VBA macros, instead of exploiting any Windows zero-day vulnerability.</p><p>Enabling the macro drops a malicious text (.txt) file in the temporary directory and then leverages the legitimate 'regsvr32.exe' application to run it, eventually installing the RogueRobin backdoor written in the C# programming language on the compromised system.</p><p>According to Palo Alto researchers, RogueRobin includes many stealth functions to check whether it is executed in a sandbox environment, including checking for virtualized environments, low memory, processor counts, and common analysis tools running on the system. 
It also contains anti-debug code.</p><p>Like the original version, the new variant of RogueRobin also uses</p><b>DNS tunneling</b><p>—a technique of sending or retrieving data and commands through DNS query packets—to communicate with its command-and-control server.</p><p>However, researchers discovered that besides DNS tunneling, the malware has also been designed to use</p><b>Google Drive APIs</b><p>as an alternative channel to send data and receive commands from the hackers.</p><blockquote>"RogueRobin uploads a file to the Google Drive account and continually checks the file’s modification time to see if the actor has made any changes to it. The actor will first modify the file to include a unique identifier that the Trojan will use for future communications," Palo Alto researchers say.</blockquote><p>The new malware campaign suggests that the APT hacking groups are shifting more towards abusing legitimate services for their command-and-control infrastructure to evade detection.</p><p>It should be noted that since VBA macros are a legitimate feature, most antivirus solutions do not flag any warning or block MS Office documents with VBA code.</p><p>The best way to protect yourself from such malware attacks is always to be suspicious of any uninvited document sent via email and never to click on links inside those documents without properly verifying the source.</p></div></div><br /><br />from The Hacker News http://bit.ly/2MleJTR http://symmetricaldatasecurity.blogspot.com/2019/01/new-malware-found-using-google-drive-as.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-7442071646208663313Mon, 21 Jan 2019 14:40:00 +00002019-01-21T06:40:24.459-08:00Russia: We're suing Facebook, Twitter for snubbing law on storing users' data locallyhttp://symmetricaldatasecurity.blogspot.com/2019/01/russia-were-suing-facebook-twitter-for.htmlnoreply@blogger.com (Cornelius 
Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-4337991128904935905Mon, 21 Jan 2019 14:40:00 +00002019-01-21T06:40:23.383-08:00New Phobos ransomware exploits weak security to hit targets around the worldhttp://symmetricaldatasecurity.blogspot.com/2019/01/new-phobos-ransomware-exploits-weak.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-3135096826763331749Mon, 21 Jan 2019 11:35:00 +00002019-01-21T03:35:46.585-08:00DarkHydrus abuses Google Drive to spread RogueRobin Trojanhttp://symmetricaldatasecurity.blogspot.com/2019/01/darkhydrus-abuses-google-drive-to.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-8040010052040920479Mon, 21 Jan 2019 11:35:00 +00002019-01-21T03:35:45.638-08:00Smaller, cheaper: How these tiny satellites are spinning off new space data movementhttp://symmetricaldatasecurity.blogspot.com/2019/01/smaller-cheaper-how-these-tiny.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-3149067886955649183Mon, 21 Jan 2019 09:48:00 +00002019-01-21T01:48:19.129-08:00Alleged Russian Hacker Pleads Not Guilty After Extradition to United States<img src="https://1.bp.blogspot.com/-ltK9NmGaLtM/XEWSkZC7i-I/AAAAAAAAzFQ/jgVC6UYDs9AbVUrBijAmGa0FA6ISKXevQCLcBGAs/s728-e100/russian-hacker-ad-fraud.jpg" title="Alleged Russian Hacker Pleads Not Guilty After Extradition to United States" /><br /><div><div id="articlebody" itemprop="articleBody"><div dir="ltr" trbidi="on"><p>A Russian hacker indicted by a United States court for his involvement in online ad fraud schemes that defrauded multiple American companies out of tens of millions of dollars pleaded not guilty on</p><a href="https://tribune.com.pk/story/1892065/3-bulgaria-extradites-russian-hacker-us-embassy/">Friday</a><p>in a courtroom in Brooklyn, New York.</p><b>Aleksandr Zhukov</b><p>, 38, was</p><a href="https://thehackernews.com/2018/11/3ve-ad-fraud-google.html" 
target="_blank">arrested in November last year</a><p>by Bulgarian authorities after the U.S. issued an international warrant against him, and was extradited by Bulgaria to the United States on Thursday (January 18, 2019). He is currently in prison in Brooklyn.</p><p>In November 2018, law enforcement and multiple security firms collaborated to shut down one of the largest digital ad-fraud schemes, which they dubbed</p><b>3ve</b><p>, that infected</p><a href="https://thehackernews.com/2018/11/3ve-ad-fraud-google.html" target="_blank">over 1.7 million computers</a><p>worldwide to generate fake clicks used to defraud digital advertisers for years and made tens of millions of dollars in revenue.</p><p>Pronounced "Eve," the online ad-fraud campaign was believed to have been active since at least 2014, but its fraudulent activity grew last year, turning it into a large-scale business and earning its operators more than $30 million in profit.</p><p>At the time, the US Justice Department announced a 13-count indictment against eight people from Russia, Ukraine, and Kazakhstan, three of whom had already been arrested, including Zhukov,</p><b>Boris Timokhin</b><p>(39, Russian Federation who was arrested from Estonia), and</p><b>Sergey Ovsyannikov</b><p>(30, Republic of Kazakhstan who was arrested from Malaysia).</p><p>Other defendants who have not yet been caught by the authorities include:</p><ul><li>Mikhail Andreev (34, Russian Federation and Ukraine)</li><li>Denis Avdeev (40, Russian Federation)</li><li>Dmitry Novikov (Russian Federation)</li><li>Aleksandr Isaev (31, Russian Federation)</li><li>Yevgeniy Timchenko (30, Republic of Kazakhstan)</li></ul><p>Zhukov, along with other suspects, has been accused of organizing an advertising fraud scheme, dubbed "Methbot," from September 2014 through December 2016 wherein he rented out more than 1,900 computer 
servers hosted in commercial data centers to load ads from advertisers on over 5,000 counterfeit websites.</p><p>The scheme flawlessly generated billions of ad views and caused businesses to pay over $7 million for "ads that were never actually viewed by real human internet users," US prosecutors said in a November indictment.</p><p>All eight defendants have been charged with 13 counts of criminal violations, including wire fraud, aggravated identity theft, money laundering, and conspiracy to commit computer intrusion, among others.</p><p>However, Zhukov denied all the charges against him on Friday, when he appeared in a Brooklyn courtroom in New York.</p></div></div></div><br /><br />from The Hacker News http://bit.ly/2HjG61Q http://symmetricaldatasecurity.blogspot.com/2019/01/alleged-russian-hacker-pleads-not.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-8853700701074195983Mon, 21 Jan 2019 04:00:00 +00002019-01-20T20:00:13.162-08:00Google Maps to roll out speed limit and speed camera featureshttp://symmetricaldatasecurity.blogspot.com/2019/01/google-maps-to-roll-out-speed-limit-and.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-4523138689096372401Sun, 20 Jan 2019 15:55:00 +00002019-01-20T07:55:18.304-08:00Popular WordPress plugin hacked by angry former employeehttp://symmetricaldatasecurity.blogspot.com/2019/01/popular-wordpress-plugin-hacked-by.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-6695599924277034021Sat, 19 Jan 2019 17:30:00 +00002019-01-19T09:30:55.108-08:00Websites can steal browser data via extensions APIshttp://symmetricaldatasecurity.blogspot.com/2019/01/websites-can-steal-browser-data-via.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-1101600774554785326Sat, 19 Jan 2019 14:07:00 +00002019-01-19T06:07:17.290-08:00IBM Security Bulletin: Financial Transaction 
Manager for ACH Services: Information Leakage in configuration listing (CVE-2018-1670)<div><div><div><p>Jan 19, 2019 9:00 am EST</p><p>Categorized: <a href="https://www.ibm.com/blogs/psirt/category/severity-low/">Low Severity</a></p></div><p dir="ltr">IBM Financial Transaction Manager for ACH Services (FTM ACH) for Multi-Platform could allow an authenticated user to obtain sensitive product configuration information from log files.</p><p><strong>CVE(s):</strong> <strong><u><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1670">CVE-2018-1670</a></u></strong></p><p><strong>Affected product(s) and affected version(s):</strong></p><p>FTM ACH v3.0.6.0 – 3.0.6.4</p><p><strong>Refer to the following reference URLs for remediation and additional vulnerability details:</strong><br />Source Bulletin: <u><a href="http://www.ibm.com/support/docview.wss?uid=ibm10731545">http://www.ibm.com/support/docview.wss?uid=ibm10731545</a></u><br />X-Force Database: <a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/144946">https://exchange.xforce.ibmcloud.com/vulnerabilities/144946</a></p></div></div><br /><br />from IBM Product Security Incident Response Team https://ibm.co/2RUu8A0 http://symmetricaldatasecurity.blogspot.com/2019/01/ibm-security-bulletin-financial.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-5937089158074491712Sat, 19 Jan 2019 01:12:00 +00002019-01-18T17:12:12.465-08:00Threat Roundup for Jan. 11 to Jan. 18<img src="https://alln-extcloud-storage.cisco.com/ciscoblogs/5a92b34de721f-460x230.png" title=" Threat Roundup for Jan. 11 to Jan. 18" /><br /><div><div id="post_info"><span>Threat Research</span><h1 id="post-272535">Threat Roundup for Jan. 11 to Jan. 18</h1><p>Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Jan. 11 and Jan. 18. As with previous roundups, this post isn’t meant to be an in-depth analysis. 
Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.</p><p>As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.</p><p><a href="https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html">Read More at Talosintelligence.com</a></p><p>&nbsp;</p><hr /><p><strong>Reference</strong><br /><a href="https://alln-extcloud-storage.cisco.com/ciscoblogs/5c420479b4fae.txt">TRU0111-0118</a>&nbsp;– This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. 
See the <em>Read More</em> link above for more details.</p></div></div><br /><br />from Cisco Blog » Security http://bit.ly/2Cw04kt http://symmetricaldatasecurity.blogspot.com/2019/01/threat-roundup-for-jan-11-to-jan-18.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-8299295780046490107Sat, 19 Jan 2019 00:45:00 +00002019-01-18T16:45:29.016-08:00DNC says Russia tried to hack its servers again in November 2018http://symmetricaldatasecurity.blogspot.com/2019/01/dnc-says-russia-tried-to-hack-its.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-1544505239342176869Fri, 18 Jan 2019 23:41:00 +00002019-01-18T15:41:11.148-08:00FeedlyIFTTTCloud Security Alliance Celebrates 10th Anniversary at CSA Summit at RSA Conference 2019<img src="https://local-cdn.cloudsecurityalliance.org/global/site/img_src/img_src_logo.jpg" title="Cloud Security Alliance Celebrates 10th | Cloud Security Alliance" /><br /><div><div><h1>Cloud Security Alliance Celebrates 10th Anniversary at CSA Summit at RSA Conference 2019</h1><p><em>Starbucks CISO David Estlick among the Keynote Speakers</em></p><p><strong>SEATTLE – RSA CONFERENCE 2019 - Jan. 14, 2019</strong> –The <a href="https://www.cloudsecurityalliance.org/">Cloud Security Alliance</a> (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced its agenda for the <a href="https://csacongress.org/event/csa-summit-at-rsa-conference-2019/#home">CSA Summit 2019</a>, a full-day event being held on March 4 in conjunction with the RSA Conference 2019. 
The CSA Summit 2019 will reflect on the lessons learned by enterprises and cloud providers as cloud has become the dominant IT system in the market, while also exploring new frontiers—such as artificial intelligence, blockchain and IoT—that will be accelerating change in information security in the next decade.</p><p>“This year marks the 10-year anniversary of CSA’s founding, and to commemorate this milestone, the CSA Summit will bring key thought leaders to the main stage and look ahead to the next 10 years of cloud security. We’re excited to celebrate an extraordinary decade and look forward to another 10 years of raising awareness of best practices to help ensure not only a secure cloud computing environment but one in which emerging technologies present more opportunities than threats,” said Jim Reavis, founder and CEO, Cloud Security Alliance.</p><p>This year’s <a href="https://csacongress.org/event/csa-summit-at-rsa-conference-2019/#agenda">stellar line-up</a> will include the following sessions:</p><ul><li><strong>Security Re-Defined: How Valvoline Went to the Cloud to Transform its Security Program and Accelerate Digital Transformation</strong>. Jason Clark, Chief Strategy Officer, Netskope, and Bob Schuetter, CISO, Valvoline.</li><li><strong>The Future of Privacy: Futile or Pretty Good?</strong> Jon Callas, Technology Fellow, ACLU.</li><li><strong>Securing Your IT Transformation to the Cloud</strong>. Jay Chaudhry, CEO, Chairman, and Founder, Zscaler.</li><li><strong>Ten Years in Cloud: An Observation of Success (Discussion Panel)</strong>.</li><li><strong>Ready for Liftoff? Planning a Safe and Secure Cloud Migration</strong>. Jason Garbis, Vice President of Cybersecurity Products, Cyxtera.</li><li><strong>From GDPR to California Privacy: Managing Cloud Vendor Risk</strong>. 
Kevin Kiley, Vice President of Sales &amp; Business Development, OneTrust.</li><li><strong>Behind the Scenes of MGM Resorts’ Digital Transformation (Case Study).</strong> Rajiv Gupta, Senior Vice President, Cloud Security Business Unit, McAfee, and Scott Howitt, Senior Vice President &amp; CISO, MGM Resorts International.</li><li><strong>Blockchain Demo</strong> with Kurt Seifried, Chief Blockchain Officer, Cloud Security Alliance</li><li><strong>The Approaching Decade of Disruptive Technologies (Discussion Panel).</strong></li></ul><p>Keynotes from Symantec and IBM will also be speaking along with Starbucks CISO Dave Estlick.</p><p>Security professionals will want to take advantage of the <a href="https://ae.rsaconference.com/US19/portal/newreg.ww">CCSKv4 Plus training class</a> (March 3-4). The course, led by Jon-Michael C. Brook, CISSP, CCSK, Certified AWS Solution Architect, provides a comprehensive review of cloud security fundamentals, prepares students to take the CSA CCSK v4 certificate exam and guides them through six hands-on labs that tie cloud security best practices to real-world applications.</p><p>Attendance is free to individuals registered as an RSA conference delegate or with an RSA Expo pass. Use code XEU9CSA and receive a free Expo Plus Pass (Offer is limited; expires Feb. 7) or use code 1U9CSAFD and receive $100 off full conference registration. Individuals must indicate their interest in attending on the <a href="https://www.rsaconference.com/events/us19/agenda/sessions/16947-CSA-Summit-CSA-10">CSA Summit session page</a> (click the star icon in the upper right corner) after completing <a href="https://www.rsaconference.com/events/us19/register">RSA registration</a>. 
Seating is limited and the event reaches capacity each year.</p><p><strong>WHAT</strong>: Cloud Security Alliance Summit 2019<br /><strong>WHEN</strong>: Monday, March 4, 8:30 am - 4:30 p.m.<br /><strong>WHERE</strong>: RSA Conference 2019 | Moscone Center South, Room 207<br /><strong>ATTENDEE REGISTRATION</strong>: <a href="https://www.rsaconference.com/events/us19/register">https://www.rsaconference.com/events/us19/register</a><br /><strong>MEDIA REGISTRATION</strong>: Email <a href="https://cloudsecurityalliance.org/cdn-cgi/l/email-protection#cea5afbca78eb4afa9ada1a3a3bba0a7adafbaa7a1a0bde0ada1a3"><span data-cfemail="5d363c2f341d273c3a3e3230302833343e3c293432332e733e3230">[email&nbsp;protected]</span></a> to receive press credentials and schedule pre-event/onsite interviews with CSA leadership and conference speakers.</p><p><strong>About Cloud Security Alliance</strong></p><p>The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. 
For further information, visit us at <a href="https://cloudsecurityalliance.org/">www.cloudsecurityalliance.org</a>, and follow us on Twitter <a href="https://twitter.com/#!/cloudsa">@cloudsa</a>.</p><p><strong>Contact</strong><br />Kari Walker for the CSA<br />ZAG Communications<br />703.928.9996<br /><a href="https://cloudsecurityalliance.org/cdn-cgi/l/email-protection#761d17041f360c171115191b1b03181f15021f1918055815191b"><span data-cfemail="ea818b9883aa908b8d898587879f8483899e83858499c4898587">[email&nbsp;protected]</span></a></p></div></div><br /><br />from Cloud Security Alliance Blog http://bit.ly/2RDFk4E http://symmetricaldatasecurity.blogspot.com/2019/01/cloud-security-alliance-celebrates-10th.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-7649295112911121028Fri, 18 Jan 2019 21:55:00 +00002019-01-18T13:55:34.869-08:00WiFi firmware bug affects laptops, smartphones, routers, gaming deviceshttp://symmetricaldatasecurity.blogspot.com/2019/01/wifi-firmware-bug-affects-laptops.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-3051202880729233620Fri, 18 Jan 2019 18:50:00 +00002019-01-18T10:50:13.343-08:00Verizon to roll out free robocall spam protection to all customershttp://symmetricaldatasecurity.blogspot.com/2019/01/verizon-to-roll-out-free-robocoll-spam.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-7201313779974557846Fri, 18 Jan 2019 18:31:00 +00002019-01-18T10:31:41.459-08:00FeedlyIFTTTCCM v3.0.1 Addendum - BSI Germany C5 v1This document is an addendum to the Cloud Controls Matrix (CCM) V3.0.1 controls. 
It contains the additional controls that serve to bridge the gap between CCM and the German Federal Office for Information Security (BSI) Compliance Controls Catalogue (C5).<br /><br />from Cloud Security Alliance Blog http://bit.ly/2TXVFOg http://symmetricaldatasecurity.blogspot.com/2019/01/ccm-v301-addendum-bsi-germany-c5-v1.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-6208755687366741445Fri, 18 Jan 2019 18:31:00 +00002019-01-18T10:31:40.600-08:00FeedlyIFTTTCCM v3.0.1 Addendum - ISO 27002 27017 27018 v1.1This document is an addendum to the Cloud Controls Matrix (CCM) V3.0.1 controls. It contains the additional controls that serve to bridge the gap between CCM and ISO/IEC 27002:2013, ISO/IEC 27017:2015 and ISO/IEC 27018:2014.<br /><br />from Cloud Security Alliance Blog http://bit.ly/2Dkscso http://symmetricaldatasecurity.blogspot.com/2019/01/ccm-v301-addendum-iso-27002-27017-27018_18.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-526679740882683407Fri, 18 Jan 2019 18:31:00 +00002019-01-18T10:31:39.618-08:00FeedlyIFTTTCCM v3.0.1 Addendum - ISO 27002 27017 27018 v1.1This document is an addendum to the Cloud Controls Matrix (CCM) V3.0.1 controls. It contains the additional controls that serve to bridge the gap between CCM and ISO/IEC 27002:2013, ISO/IEC 27017:2015 and ISO/IEC 27018:2014.<br /><br />from Cloud Security Alliance Blog http://bit.ly/2W00Fnf http://symmetricaldatasecurity.blogspot.com/2019/01/ccm-v301-addendum-iso-27002-27017-27018.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-9129228072043904864Fri, 18 Jan 2019 16:12:00 +00002019-01-18T08:12:23.286-08:00Security Choice: Simpler Buying for more Effective Security<div><div id="content"><p>Security is difficult. 
Detecting and stopping constantly evolving attacks is a never-ending (and often thankless) challenge.</p><p>And worse, the current state of security finds companies working with many products that don’t fit or work together.&nbsp; Managing so many product consoles and alerts makes complexity a primary security challenge.</p><p><strong>Licensing Headaches</strong></p><p>Adding to the challenge is staying on top of managing software licenses for these products — organizations are left managing dozens – if not hundreds – of licenses. <a href="https://www.cisco.com/c/dam/en/us/products/collateral/software/top-5-enteprise-software-challenges.pdf">IDC estimates</a> that software license complexity costs organizations an average of 25 percent of their annual software license budgets. That’s massive.</p><p>Disparate product licenses – all being activated and expiring at different times – are hard to keep track of, and can lead to many problems including critical gaps in security, inability to quickly deploy technology needed to fight attacks, unused technology and wasted money and often large overages due at the end of the year, impacting future budgets.</p><p>We have to wonder, shouldn’t security vendors be making things easier, not harder?</p><p><strong>Cisco Security Choice Enterprise Agreement</strong></p><p>Cisco is uniquely stepping up to solve these issues. 
Our new <a href="https://www.cisco.com/c/en/us/products/software/security-enterprise-license-agreement/index.html">Security Choice Enterprise Agreement</a>&nbsp;lets organizations choose any three or more qualified security products and get all the benefits and flexibility of our buying programs.</p><p><img class="wp-image-271925 alignleft" src="https://alln-extcloud-storage.cisco.com/ciscoblogs/5c3c6950893fe-550x147.jpg" alt="" /></p><p>As we consider how to <a href="https://www.cisco.com/c/en/us/products/security/threat-response.html">simplify the way we see and respond to threats&nbsp;</a>– we realize a key part of simplifying security is also making security simpler to buy.</p><p>Choice does this.</p><p>Software management gets streamlined with one single portal managing all software.&nbsp; Resources go further since products are discounted and free growth is included.</p><p>You get anytime access to the Cisco security portfolio and even get payment flexibility over time.</p><p>What makes Choice so strong are the specifics, so let’s look at the beneficial aspects:</p><p>Simple software management</p><ul><li><strong>One single agreement with a simple portal</strong> – With Security Choice, customers get a single agreement for all Cisco Security software. What is more, all software licenses terminate at the same time and are managed through one easy-to-use portal. &nbsp;Software management headaches become a thing of the past.&nbsp; Security is only one part of the Cisco Enterprise Agreement along with networking, data center and collaboration.&nbsp; All Cisco software can be included in the same master enterprise agreement and managed from the same place for simplicity.</li></ul><p>Fast security responses</p><ul><li><strong>Fast deployment of critical technologies</strong> – Through the portal, customers can quickly obtain the technology they need, when they need it, without complex and lengthy licensing processes. 
This means critical security and compliance functions aren’t put at risk over sales cycles.</li></ul><p>Resources go further</p><ul><li><strong>Product discounts</strong> – Products are discounted up front – the more products included, the greater the discount.</li><li><strong>20 percent growth included</strong> – If customers grow during the course of a contract they have a growth allowance of up to 20 percent.</li><li><strong>‘True Forward’ terms</strong> – Replacing the typical “true up” process for licensing, ‘true forward’ does not penalize success. Traditionally, in “true up” scenarios, if a customer uses more software than originally acquired, they owe money for the overages. Not so with Cisco. If a customer exceeds their free 20 percent growth allowance, they will only pay for this extra usage moving forward, starting at their next software check-in, not in arrears.</li><li><strong>Support and upgrades</strong> – 24/7 technical support, software release updates, and product upgrades are included.</li></ul><p>Predictable billing</p><ul><li><strong>Annual payments with 0% financing</strong> – Not only can customers pay annually over three or five years, but they can also finance at 0% interest.</li></ul><p><strong>A 70% Advantage</strong></p><p><a href="https://www.cisco.com/c/dam/en/us/products/collateral/software/cisco-enterprise-agreement.pdf">According to ESG</a>, the simplicity of managing a Cisco Enterprise Agreement allows companies to reduce manpower dedicated to licensing by an average of 70 percent.</p><p><img class="wp-image-271941 alignright" src="https://alln-extcloud-storage.cisco.com/ciscoblogs/5c3c804659503-550x286.jpg" alt="" /></p><p>In more concrete terms, with the Cisco Enterprise Agreement, a U.S.-based health insurance company decreased the time it spends on licensing tasks from <strong>40 hours per week to just five hours</strong>.</p><p>To find out more about this transformative new buying program, contact your Cisco sales 
representative or reseller, or click <a href="https://www.cisco.com/c/en/us/products/software/security-enterprise-license-agreement/index.html">here</a> to learn more.</p></div></div><br /><br />from Cisco Blog » Security http://bit.ly/2FJaPmH http://symmetricaldatasecurity.blogspot.com/2019/01/security-choice-simpler-buying-for-more.htmlnoreply@blogger.com (Cornelius Healy)0tag:blogger.com,1999:blog-6213873389151207316.post-7577970549140067431Fri, 18 Jan 2019 15:55:00 +00002019-01-18T07:55:37.141-08:00This malware spreading tool is back with some new trickshttp://symmetricaldatasecurity.blogspot.com/2019/01/this-malware-spreading-tool-is-back.htmlnoreply@blogger.com (Cornelius Healy)0